Tips from DocuSign security leaders

Below are several resources to help you protect yourself online. In the videos below, you’ll find useful insights on security best practices from DocuSign information security leaders.

Keeping security top of mind

Tom Thokey, DocuSign’s senior director of security consulting, discusses the importance of keeping security top of mind during and after the software development process, as well as other best practices around shipping secure code.

Secure code review includes getting into the “guts of the code”

John Heasman, DocuSign’s senior director of security engineering gives a deep dive into his workflow for engineering application security, including the challenges, valuable tools, and his code review methodology.

Security innovation: a deep dive discussion on incident response:

Thomas Kinsella, DocuSign’s senior director of security consulting, shares insights on how he and his team runs DocuSign’s Cybersecurity Trust Centre of Excellence Computer Security Incident Response Team (CSIRT), as well as the Trust Center’s business security innovation processes used for threat modelling, database security automation, phishing investigation, and more.

System and application access best practices

Workstation security

Install anti-virus software and ensure it’s enabled and kept up-to-date. Apply vendor-recommended security patches on a frequent basis.

Public computers/internet cafes

Exercise caution using public computers. Web browsers can cache personal data and store login details. Always log off websites and clear the browser cache when done using a public computer to protect your personal information, passwords, and accounts.

Safeguard IDs & passwords

Keep your user IDs and passwords safe by following these tips.

  • Use a strong password that’s difficult for others to guess, and avoid birthdays, names, and pet names
  • Never write down your password or share it with others
  • Never provide your DocuSign account login or password, credit card number, or other personal information via email or to unknown parties

Note: DocuSign will NEVER ask you for your password.

Filtering email attachments

Quarantine any emails from the Internet with potentially harmful attachments, such as .zip and .exe file types. The only attachments DocuSign sends in email are PDFs.

Additional resources on keeping your data safe